Powering DeFi: (In)transparent Sources of Truth

If you’re involved in the blockchain space, the term DeFi is something you most probably heard of or even actively use. Whether it’s lending protocols such as Aave or Maker, algorithmic stablecoins such as Frax or Ampleforth, or derivative protocols such as Synthetix or Mirror (and numerous other areas of DeFi I haven’t mentioned here) — they all have something in common: They cannot function without pricing data.

If you’re using a dApp like Aave to take out a loan using your ETH as collateral, Aave needs to know what that collateral is worth before handing out a loan. If this was Web 2.0, you would call the API that makes cryptocurrency pricing data available. This isn’t possible in Web 3.0, because blockchains do not natively have access to information in the ‘real’ world, meaning that dApps like Aave that run on them, cannot simply call an API like an App on your smartphone could.

Oracles are just one way to pass data to a blockchain. Image via 3commas.io

This is where oracles come into play. In simple terms an oracle takes information from the real world (generally through APIs) and puts it onto the blockchain, so that dApps like Aave can consume the data. Bringing data on-chain can be achieved in a third-party fashion, where an intermediary that is not the data source performs this task, or in a first-party fashion, where the data source deals with this directly.

When it comes to pricing data, oracles usually aggregate across multiple nodes to avoid creating single points of failure. It is important to note though, that aggregating across multiple nodes doesn’t necessarily mean that just as many data sources are being used in the aggregation. Band Protocol for instance relies on third-party oracle nodes (called Validators) to fetch pricing data from data sources and publish the aggregate of their responses on-chain. One of their price feeds however proves that aggregating from multiple nodes doesn’t necessarily mean that you’re receiving a more robust and diverse feed. The OXT/USD price feed below shows a single data source (Coingecko) being served by 16 validators.

OXT/USD Feed from https://data.bandprotocol.com/

While this example shows that this aggregation isn’t necessarily efficient (or adding any value compared to Coingecko serving this data directly on-chain as a first-party oracle) it highlights another thing — transparency. If I want to consume this data as a dApp, I know exactly what I am getting. One data source, served by 16 third-party nodes. It doesn’t matter if it’s the OXT/USD feed or any other feed that Band publishes. You always know what you’re paying for.

BTC/USD on Ethereum Mainnet from https://data.chain.link/ethereum/mainnet/crypto-usd/btc-usd

You might be thinking it is obvious that as a consumer of a price feed you should know from where and how it is aggregated, but this is not the norm. Chainlink price feeds provide an example for this. If we look at the BTC/USD price feed on Ethereum, we can extract the following information.

1. We see the aggregated value that is reported on-chain.
2. This feed is maintained by 31 nodes and we see each nodes individual answer.
3. We see other parameters like the deviation, heartbeat, and last update time.

What we do not get from this is what data sources are being used. Combine this information with the fact that the vast majority of Chainlink nodes is third-party operated, thus not the source of the data they are reporting, and we are left with a bunch of questions:

What is it that we are consuming here? Where are these 31 nodes getting their data from? Are they using 31 separate sources? Maybe they are using multiple sources and aggregate them before reporting? Or are all these nodes using the same source? But most importantly, why is there no possibility for me to simply verify what it is that I am consuming?

Like the above exmaple shows, the blockchain community is very fast and unforgiving when it comes to oracles. Every misreport, underperformance, or deviation from the ‘decentralized standard’ by any oracle project will find its way onto crypto twitter in mere seconds. A community that lives by the standards of decentralization and trustlessness will debate over what occurred only to come to the same conclusion:

‘Why didn’t you simply use Chainlink?’

The same community that preaches ‘don’t trust, verify’, goes above and beyond to recommend price feeds that are everything it claims to stand against: Black boxes that magically spit out numbers. They don’t know where these numbers come from. They can’t verify them. Yet, in a twisted way they’re happy to tell you to power your billion dollar dApps that run on trustless and decentralized ecosystems with them.
Ironic.